From 9332a60c8f151302d8d34b4861cf4230fb7a87bb Mon Sep 17 00:00:00 2001 From: Dino Date: Thu, 16 Jun 2022 15:25:18 -0300 Subject: [PATCH 1/2] fix(BaseERC20Guild-and-SnapshotERC20Guild): added checks to prevent users withdrawing zero tokens, also added correspondig tests --- contracts/erc20guild/BaseERC20Guild.sol | 1 + contracts/erc20guild/implementations/SnapshotERC20Guild.sol | 1 + test/erc20guild/ERC20Guild.js | 6 ++++++ test/erc20guild/implementations/SnapshotERC2Guild.js | 6 ++++++ 4 files changed, 14 insertions(+) diff --git a/contracts/erc20guild/BaseERC20Guild.sol b/contracts/erc20guild/BaseERC20Guild.sol index 4b1069f4..82aa26d9 100644 --- a/contracts/erc20guild/BaseERC20Guild.sol +++ b/contracts/erc20guild/BaseERC20Guild.sol @@ -438,6 +438,7 @@ contract BaseERC20Guild { function withdrawTokens(uint256 tokenAmount) external virtual { require(votingPowerOf(msg.sender) >= tokenAmount, "ERC20Guild: Unable to withdraw more tokens than locked"); require(tokensLocked[msg.sender].timestamp < block.timestamp, "ERC20Guild: Tokens still locked"); + require(tokenAmount > 0, "ERC20Guild: amount of tokens to withdraw must be greater than 0"); tokensLocked[msg.sender].amount = tokensLocked[msg.sender].amount.sub(tokenAmount); totalLocked = totalLocked.sub(tokenAmount); tokenVault.withdraw(msg.sender, tokenAmount); diff --git a/contracts/erc20guild/implementations/SnapshotERC20Guild.sol b/contracts/erc20guild/implementations/SnapshotERC20Guild.sol index 6b8a095a..6ce830b4 100644 --- a/contracts/erc20guild/implementations/SnapshotERC20Guild.sol +++ b/contracts/erc20guild/implementations/SnapshotERC20Guild.sol @@ -97,6 +97,7 @@ contract SnapshotERC20Guild is ERC20GuildUpgradeable { "SnapshotERC20Guild: Unable to withdraw more tokens than locked" ); require(tokensLocked[msg.sender].timestamp < block.timestamp, "SnapshotERC20Guild: Tokens still locked"); + require(tokenAmount > 0, "ERC20Guild: amount of tokens to withdraw must be greater than 0"); _updateAccountSnapshot(msg.sender); _updateTotalSupplySnapshot(); tokensLocked[msg.sender].amount = tokensLocked[msg.sender].amount.sub(tokenAmount); diff --git a/test/erc20guild/ERC20Guild.js b/test/erc20guild/ERC20Guild.js index cebd564a..232af99e 100644 --- a/test/erc20guild/ERC20Guild.js +++ b/test/erc20guild/ERC20Guild.js @@ -1290,6 +1290,12 @@ contract("ERC20Guild", function (accounts) { "ERC20: transfer amount exceeds balance" ); + // Cannot withdraw zero tokens + await expectRevert( + erc20Guild.withdrawTokens(0, { from: accounts[1] }), + "ERC20Guild: amount of tokens to withdraw must be greater than 0" + ); + // try to release more than locked and fail await expectRevert( erc20Guild.withdrawTokens(50001, { from: accounts[1] }), diff --git a/test/erc20guild/implementations/SnapshotERC2Guild.js b/test/erc20guild/implementations/SnapshotERC2Guild.js index e2f94b22..7f5dfe27 100644 --- a/test/erc20guild/implementations/SnapshotERC2Guild.js +++ b/test/erc20guild/implementations/SnapshotERC2Guild.js @@ -198,6 +198,12 @@ contract("SnapshotERC20Guild", function (accounts) { "ERC20: transfer amount exceeds balance" ); + // Cannot withdraw zero tokens + await expectRevert( + erc20Guild.withdrawTokens(0, { from: accounts[1] }), + "ERC20Guild: amount of tokens to withdraw must be greater than 0" + ); + // try to release more than locked and fail await expectRevert( erc20Guild.withdrawTokens(50001, { from: accounts[1] }), From 229f9ca76237413df26a6d6749a7d0d42e348e55 Mon Sep 17 00:00:00 2001 From: Dino Date: Thu, 16 Jun 2022 15:37:05 -0300 Subject: [PATCH 2/2] fix(SnapshotERC20Guild): fixed typo in error message --- contracts/erc20guild/implementations/SnapshotERC20Guild.sol | 2 +- test/erc20guild/implementations/SnapshotERC2Guild.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contracts/erc20guild/implementations/SnapshotERC20Guild.sol b/contracts/erc20guild/implementations/SnapshotERC20Guild.sol index 6ce830b4..0815c3b2 100644 --- a/contracts/erc20guild/implementations/SnapshotERC20Guild.sol +++ b/contracts/erc20guild/implementations/SnapshotERC20Guild.sol @@ -97,7 +97,7 @@ contract SnapshotERC20Guild is ERC20GuildUpgradeable { "SnapshotERC20Guild: Unable to withdraw more tokens than locked" ); require(tokensLocked[msg.sender].timestamp < block.timestamp, "SnapshotERC20Guild: Tokens still locked"); - require(tokenAmount > 0, "ERC20Guild: amount of tokens to withdraw must be greater than 0"); + require(tokenAmount > 0, "SnapshotERC20Guild: amount of tokens to withdraw must be greater than 0"); _updateAccountSnapshot(msg.sender); _updateTotalSupplySnapshot(); tokensLocked[msg.sender].amount = tokensLocked[msg.sender].amount.sub(tokenAmount); diff --git a/test/erc20guild/implementations/SnapshotERC2Guild.js b/test/erc20guild/implementations/SnapshotERC2Guild.js index 7f5dfe27..668147f4 100644 --- a/test/erc20guild/implementations/SnapshotERC2Guild.js +++ b/test/erc20guild/implementations/SnapshotERC2Guild.js @@ -201,7 +201,7 @@ contract("SnapshotERC20Guild", function (accounts) { // Cannot withdraw zero tokens await expectRevert( erc20Guild.withdrawTokens(0, { from: accounts[1] }), - "ERC20Guild: amount of tokens to withdraw must be greater than 0" + "SnapshotERC20Guild: amount of tokens to withdraw must be greater than 0" ); // try to release more than locked and fail